Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxMnYtNjd2Ny02dmM2
Data races in rocket
The affected versions of rocket contain a Clone trait implementation of LocalRequest that reuses the pointer to the inner Request object. This causes a data race in rare combinations of APIs if the original and the cloned objects are modified at the same time.
Permalink: https://github.com/advisories/GHSA-8q2v-67v7-6vc6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxMnYtNjd2Ny02dmM2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 11 months ago
CVSS Score: 8.1
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-8q2v-67v7-6vc6, CVE-2020-35882
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-35882
- https://github.com/SergioBenitez/Rocket/issues/1312
- https://rustsec.org/advisories/RUSTSEC-2020-0028.html
- https://github.com/advisories/GHSA-8q2v-67v7-6vc6
Blast Radius: 29.0
Affected Packages
cargo:rocket
Dependent packages: 423
Dependent repositories: 3,829
Downloads: 4,565,291 total
Affected Version Ranges: >= 0.4.0, < 0.4.5
Fixed in: 0.4.5
All affected versions: 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4
All unaffected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.2.10, 0.2.11, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.3.7, 0.3.8, 0.3.9, 0.3.10, 0.3.11, 0.3.12, 0.3.13, 0.3.14, 0.3.15, 0.3.16, 0.3.17, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9, 0.4.10, 0.4.11, 0.5.0